I am very new to Palo Alto FWS so please be gentle 🙂
I have been asked to setup two new PA3060 firewalls to be centrally managed by a Panorama server. Both the Panorama and Firewalls are running v8.0.5.
I have successfully followed the PA instructions to import the firewalls and configs into the Panorama.
However, if I create say a new interface, new sub-interface or new static routes into the virtual router, I commit the changes to the Panorama an then attempt a push to device.
The Commit shows as Completed, however when I access the device GUI, the new interfaces and static routes are not populated in the config of the device.
Any and all help is appreciated.
Thanks & Regards
Are you getting an error? Or does Panorama give you a completed status message? If the push goes through without error but you aren't seeing the changes, make sure the device isn't overriding Panorama. That will be indicated by a green and yellow gear icon. When it's taking Panorama's settings, the firewall will show you a green gear icon. You'll need to login to the device (firewall) via the WebGUI to check this.
A check of the Web GUI of the devices shows a green gear icon for those sections affected, namely interfaces, sub-interface and static routes in a non-default VR.
The Push to Device from the Panorama to the devices is not predictable. For example, when setting up a log forwarding profile the commit to the devices fails to both devices. This failed with an error as follows:
A check of the devices shows config has been pushed. The error in this case is as follows:
To ABCFWDRTW1 device
Any thoughts, suggestions are appreciated.
The first time prior to define in Panorama new Template objects you must push the Template from Panorama to the devices with the flag "Force Template values" on (In Edit Selections)
If you don´t do this the first time, all the Template (Network and Device) definitions in the device are marked as "Override" and then the prefered values in the push are the device values.
Values on Override state : PREFERENCE DEVICE VALUES
Values on No-Override State: panorama values
Once you have values on No-Override State you must configure only from Panorama and Panorama values will be /the values on tehe device.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!